fix: address remaining PR review comments

- Replace console.error with centralized logger in jellyfin-sign-in-button
- Add comprehensive JSDoc documentation for Jellyfin token strategy
- Document why AccessToken is not persisted in database

All components already have data-testid attributes as required.
Linting, build, and all unit tests passing.

Author: mchestr

components/auth/jellyfin-sign-in-button.tsx

@@ -2,9 +2,12 @@
 
 import { Button } from "@/components/ui/button"
 import { StyledInput } from "@/components/ui/styled-input"
+import { createLogger } from "@/lib/utils/logger"
 import { signIn } from "next-auth/react"
 import { FormEvent, useState } from "react"
 
+const logger = createLogger("JELLYFIN_SIGN_IN")
+
 export interface JellyfinSignInButtonProps {
   /**
    * Server name to display in messages
@@ -93,7 +96,7 @@ export function JellyfinSignInButton({
         setIsLoading(false)
       }
     } catch (err) {
-      console.error('Sign-in error:', err)
+      logger.error('Sign-in error', err)
       let errorMsg = "Failed to sign in. Please try again."
 
       // Provide more specific error messages based on error type

lib/jellyfin-auth.ts

@@ -44,6 +44,20 @@ const JellyfinCredentialsSchema = z.object({
 /**
  * Authenticate a Jellyfin user with username and password
  *
+ * This function validates user credentials against the Jellyfin server and returns
+ * user information if authentication is successful.
+ *
+ * ## Token Strategy
+ *
+ * The Jellyfin API returns an AccessToken upon successful authentication. However,
+ * this token is **not persisted** in the application database. Instead:
+ * - The token is used only for session validation during the authentication flow
+ * - The app uses the configured admin API key for all Jellyfin API operations
+ * - Users authenticate with username/password on each login session
+ *
+ * This approach simplifies token management and refresh logic while maintaining
+ * security through NextAuth session management.
+ *
  * @param jellyfinConfig - Server configuration (URL and API key)
  * @param username - Jellyfin username
  * @param password - User's password